General
-
Target
ae78eacdae080fe62fdf851f5b1f05b31b8acfe20f8807c42eb31209afeca532
-
Size
3.5MB
-
Sample
240905-ts9mmsvbkp
-
MD5
f7144de25081b494ef6fec8bb64188e3
-
SHA1
5301295d646e3d9016f13da10622e67e573156fc
-
SHA256
ae78eacdae080fe62fdf851f5b1f05b31b8acfe20f8807c42eb31209afeca532
-
SHA512
5ad21c1c1d0519031899e07eea0f3c7f9935753680cafac896db0d75536d6a3eddb4452f49bc1089afc16325f743b8e5c47c9d29e670e1b7d6277811370f9d62
-
SSDEEP
98304:DVaKNnzR3/PLZ0HP01+uE4JqyP8mSoKVnJwiCSAx:DUezd2P0MuE49P8mSo0wiTE
Malware Config
Extracted
tispy
https://auth.familysafty.com/TiSPY/printIPN.jsp?screen=IntroScreen&model=Pixel+2&osversion=28&deviceid=358240051014041&version=3.2.183_11Aug24&rtype=T
Targets
-
-
Target
ae78eacdae080fe62fdf851f5b1f05b31b8acfe20f8807c42eb31209afeca532
-
Size
3.5MB
-
MD5
f7144de25081b494ef6fec8bb64188e3
-
SHA1
5301295d646e3d9016f13da10622e67e573156fc
-
SHA256
ae78eacdae080fe62fdf851f5b1f05b31b8acfe20f8807c42eb31209afeca532
-
SHA512
5ad21c1c1d0519031899e07eea0f3c7f9935753680cafac896db0d75536d6a3eddb4452f49bc1089afc16325f743b8e5c47c9d29e670e1b7d6277811370f9d62
-
SSDEEP
98304:DVaKNnzR3/PLZ0HP01+uE4JqyP8mSoKVnJwiCSAx:DUezd2P0MuE49P8mSo0wiTE
Score10/10-
TiSpy
TiSpy is an Android stalkerware.
-
TiSpy payload
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests cell location
Uses Android APIs to to get current cell location.
-
Acquires the wake lock
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-